Internet and e-mail policy and practice
including Notes on Internet E-mail


2011
Months
Apr

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: Email

19 Apr 2011

Latest hacked ESP: Cheetahmail Email

This spam showed up in one of my user's mailboxes earlier today. It was sent from Cheetahmail, a large Email Service Provider, easily verified by checking the sending IP address It is not an ad for Adobe and the URL, which you should definitely not visit, is located in China, and shows a fake Adobe web page which invites you to download a fake Adobe Reader update which is in fact malware. The headers in the message suggest that someone used a Cheetamail client's credentials to log in and create and send this spam in large quantities. (My tiny network got four of them, three of them to spamtrap addresses.)

Cheetahmail is not related to Epsilon, the ESP whose security failures have been in the news lately, but as this spam shows, their security is unfortunately no better.

At this point, in view of the large number of ESPs that have fallen victim to what appears to be the same attack, the safest thing for people to do is to assume that all mail from commercial senders is hostile, do not click on any of its URLs or visit any web site it mentions.

Update: A few people have pointed out that it looks like the spammers phished credentials from one of Cheetahmail's clients and are using them to spam. That may well be true. So what? The spam is coming from Cheetahmail, it's their job to keep it from happening.

The spam has a funky URL that points to a web server in China, a bit implausible for a clothing retailer that operates only in North America. This reinforces my point that ESPs have a lot of valuable data, and they need to treat it that way, which includes looking for activity that is likely to be customer fraud. It's the same reason that my bank calls me on the phone to check when I do something out of the ordinary.


Date: Mon, 18 Apr 2011 13:55:38 -0000
From: Adobe Systems Incoporated <newsletter@adobe-newsletter.com>
Reply-To: Adobe Systems Incoporated <support-[random string]@email.childrensplace.com>
To: [one of my users]
Subject: Get more done, much faster, with new Adobe Acrobat Reader. Upgrade Now

GETTING MORE DONE AT WORK NOW COMES IN A CONVENIENT BOX

See how Adobe Acrobat Reader is a step above anything you've experienced before, so you can be even more productive.

http://www.adobe-link9.com

Just how much faster can you work with Adobe Acrobat Reader
software? Fast enough to stay on top of last-minute changes, connect
with key decision makers, and share updates with co-workers.

You'll discover how easy it is to reuse content by exporting PDF files
to Microsoft Word or Excel formats. And how quickly you can automate
multi-step tasks with new, guided Actions. No wonder PC Magazine
says, "There's a lot to like in Acrobat PDF Reader."

http:// www.adobe-link9.com

Copyright 2011 Adobe Systems Incorporated. All rights reserved.

Adobe Systems Incorporated
343 Preston Street
Ottawa, ON K1S 1N4
Canada


posted at: 10:17 :: permanent link to this entry :: 2 comments
Stable link is https://www.jl.ly/Email/chspam.html

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access
87 days ago

A keen grasp of the obvious
My high security debit card
394 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.